Hi,

Brian wrote:
> Here is a password
> F!Vz5s19WuXa61PaA"+5
> Where does the password come from?

It doesn't matter.
But that's the cardboard backplane of the passwords which a human brain can memorize: They have an origin or a memory hook.

Long passwords from a good random number generator are rock solid. But you have to store them in an information technology device or write them down on paper and toggle them correctly each time you use them.

> It looks like brute force is the only way to go.

Yes. Enumeration is brute force. But the skilled enumerator will try to skip the wide areas of really strong passwords in favor of those narrow ones which a human can remember.

You need to be a very unusual person with an unusual memory to quite surely beat the computing power of our days. As a litmus test, I propose you google each of the ideas in the memory hook of your password. If they all yield some valid hits, then you can expect them to be in the enumeration pool of big attackers.

That's what fascinates me with the idea of a super slow publicly known hash algorithm. It would annoy enumerators where it hurts them most: time. If you at home spend 4 seconds once per login, they might have to spend with their million CPU machine 4 microseconds a quadrillion times, just to try the passwords that are weaker than yours. 136 years if they don't upgrade their hardware in that time. (90 Moore's Law periods. Hopeless to defend against the expectable progress in computation power.)

1 Quadrillion = 10 exp 15 = 2 exp 49, which I estimate is less than the number of tries in the first article brought by Curt:
https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

Have a nice day :)

Thomas
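The slow-hash idea from the message above, as an added example that is not part of the original post: a login hash calibrated to a chosen delay, plus the enumeration cost that delay imposes. PBKDF2-HMAC-SHA256 is an assumption chosen here as one publicly known slow hash; all function names and the sample passphrase are constructed.

```python
import hashlib
import hmac
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def stretch(password: str, salt: bytes, iterations: int) -> bytes:
    """Deliberately slow hash: PBKDF2-HMAC-SHA256 (assumed algorithm)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def calibrate(target_seconds: float, probe_iterations: int = 20_000) -> int:
    """Estimate the iteration count costing about target_seconds on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    stretch("calibration", salt, probe_iterations)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(probe_iterations, int(probe_iterations * target_seconds / elapsed))

def enroll(password: str, iterations: int) -> dict:
    """Store salt and iteration count beside the hash so the cost can be raised later."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "hash": stretch(password, salt, iterations)}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored parameters; compare in constant time."""
    candidate = stretch(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])

def enumeration_years(guesses: float, login_seconds: float, speedup: float) -> float:
    """Wall-clock years to try `guesses` candidates when each guess costs
    login_seconds / speedup on the enumerator's hardware."""
    return guesses * (login_seconds / speedup) / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Short 0.25 s target so the demo finishes quickly; a real login could use more.
    iterations = calibrate(0.25)
    record = enroll("constructed sample passphrase", iterations)
    print("iterations:", iterations)
    print("correct password accepted:", verify("constructed sample passphrase", record))
    print("wrong password accepted:", verify("wrong guess", record))
    # Figures from the message: 4 s per login, a million-fold faster enumerator,
    # a quadrillion candidates to try.
    print("years to enumerate:", round(enumeration_years(1e15, 4.0, 1e6), 1))
```

The speedup factor is the weak point of the estimate: PBKDF2 parallelises well on GPUs, so memory-hard functions such as scrypt or Argon2 hold the per-guess cost closer to the defender's.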